Firewall blocking NOD?

Discussion in 'NOD32 version 2 Forum' started by ejr, Mar 22, 2006.

Thread Status:
Not open for further replies.
  1. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    I don't know exactly what all this means, but my fireall recently blocked my computer from sending a packet to ESET.

    The firewall blocked the outgoing communication from TCP port 1036 to:

    1. u7.eset.com
    2. eset.casablanca.cz

    What does this mean? Was NOD trying to "phone home"?
     
  2. the_sly_dog

    the_sly_dog Registered Member

    Joined:
    Feb 28, 2006
    Posts:
    297
    Location:
    The Heart Of London
    hello ejr,

    i mite be wrong :eek: :eek: :eek:

    but it might of been eset nod32 looking for updates eg: automatic update every 1hr..
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    im sure theyd use an http port for updates. maybe it was submitting a suspicious file? try checking ur event log in nod32.
     
  4. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    OK...Both were updates. Question about that. What is the difference between the "kernel" module and the "update" module.

    My Kernel module is successful every time in updating the virus signatures. But my "update" module fails every time.
     
  5. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    That is correct. The "Update" module is in charge of checking for updates.
    • If NOD32 has trouble connecting to an Update server, you will see this message in your Event Log (from the Update module).
    • If NOD32 connects successfully to an Update server, no message is given.
    • If NOD32 connects successfully to an Update server *and* installs an update, no message is given for the connection, but a message is given for the actual update (by the Kernel module).
    About the TCP port 1036... when Windows makes an HTTP connection to a different computer, it usually accesses the HTTP port on the other computer (port 80), but the local port on your computer is some number >1024. If you want to see this in action, open up a Command Prompt and type in netstat. This will show you the various different network connections. For example, here are the results as I sit typing this message:
    Code:
    C:\Documents and Settings\alglove>[B]netstat[/B]
    
    Active Connections
    
      Proto  Local Address          Foreign Address           State
      TCP    computer:2191          wilderssecurity.com:http  TIME_WAIT
      TCP    computer:2192          wilderssecurity.com:http  TIME_WAIT
      TCP    computer:2193          wilderssecurity.com:http  TIME_WAIT
    If you run netstat as you browse the web, update NOD32, check e-mail, etc., you actually see the different network connections opening and closing.
     
  6. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    ahh, thanx for the explanation
     
Thread Status:
Not open for further replies.